コード例 #1
ファイル: Native.php プロジェクト: kalkin/solarphp
 /**
  * 
  * Has the user requested a prior session?
  * 
  * @return bool
  * 
  */
 public function isContinuing()
 {
     // A session that this object has already destroyed must never be
     // reported as resumable, whatever cookie the client still sends.
     if (! $this->_stopped) {
         // The session cookie is supplied by the client: a non-empty value
         // only says that the client presented one, not that it names a
         // valid session. Note that the raw cookie value is returned as-is
         // (not cast to bool), so callers should only test it for
         // truthiness.
         return $this->_request->cookie(session_name());
     }
     return false;
 }
コード例 #2
ファイル: Csrf.php プロジェクト: agentile/foresmo
 /**
  * 
  * Does the incoming request look like a cross-site forgery?
  * 
  * Only works for POST requests.
  * 
  * @return bool
  * 
  */
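 public function isForgery()
 {
     $this->_update();
     if (!self::$_request->isPost()) {
         // Only POST requests are checked. Any handler that changes state
         // in response to another method is not covered by this guard.
         return false;
     }
     if (!self::$_current) {
         // there is no current value so it doesn't matter
         // NOTE(review): this means every POST is accepted until a token
         // has been issued -- confirm that state-changing actions cannot
         // be reached before that point.
         return false;
     }
     // get the incoming csrf value from $_POST
     $key = $this->getKey();
     $val = self::$_request->post($key);
     // A missing or non-string value (e.g. an array from "key[]=...") can
     // never be a valid token.
     if (!is_string($val)) {
         return true;
     }
     // Compare as strings. The previous loose "!=" treated numeric-looking
     // strings as numbers, so two different tokens such as "0e12" and
     // "0e34" compared equal.
     $expected = (string) self::$_current;
     if (function_exists('hash_equals')) {
         // constant-time comparison where the runtime provides it
         return !hash_equals($expected, $val);
     }
     // if they don't match, it's a forgery
     return $val !== $expected;
 }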
コード例 #3
ファイル: Uri.php プロジェクト: kalkin/solarphp
 /**
  * 
  * Sets properties from a specified URI.
  * 
  * @param string $uri The URI to parse.  If null, defaults to the
  * current URI.
  * 
  * @return void
  * 
  */
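 public function set($uri = null)
 {
     // build a default scheme (with '://' in it)
     $scheme = $this->_request->isSsl() ? 'https://' : 'http://';
     // get the current host, using a dummy host name if needed.
     // we need a host name so that parse_url() works properly.
     // we remove the dummy host name at the end of this method.
     //
     // HTTP_HOST comes from the request's Host header and is therefore
     // client-supplied. Code that builds absolute links from $this->host
     // (redirects, e-mailed URLs) should check it against the hosts the
     // application actually serves.
     $host = $this->_request->server('HTTP_HOST', 'example.com');
     // right now, we assume we don't have to force any values.
     $forced = false;
     // forcibly set to the current uri?
     // (null is mapped to '' first; passing null to trim() is deprecated
     // on newer PHP versions.)
     $uri = trim($uri === null ? '' : $uri);
     if (!$uri) {
         // we're forcing values
         $forced = true;
         // add the scheme and host
         $uri = $scheme . $host;
         // we need to see if mod_rewrite is turned on or off.
         // if on, we can use REQUEST_URI as-is.
         // if off, we need to use the script name, esp. for
         // front-controller stuff.
         // we make a guess based on the 'path' config key.
         // if it ends in '.php/' then we guess that mod_rewrite is
         // off.
         if (substr($this->_config['path'], -5) == '.php/') {
             // guess that mod_rewrite is off; build up from
             // component parts.
             $uri .= $this->_request->server('SCRIPT_NAME')
                   . $this->_request->server('PATH_INFO')
                   . '?' . $this->_request->server('QUERY_STRING');
         } else {
             // guess that mod_rewrite is on
             $uri .= $this->_request->server('REQUEST_URI');
         }
     }
     // forcibly add the scheme and host?
     $pos = strpos($uri, '://');
     if ($pos === false) {
         $forced = true;
         $uri = ltrim($uri, '/');
         $uri = "{$scheme}{$host}/{$uri}";
     }
     // default uri elements
     $elem = array(
         'scheme'   => null,
         'user'     => null,
         'pass'     => null,
         'host'     => null,
         'port'     => null,
         'path'     => null,
         'query'    => null,
         'fragment' => null,
     );
     // parse the uri and merge with the defaults.
     // parse_url() returns false for a seriously malformed URI; merging
     // false into an array raises a warning on old PHP versions and a
     // TypeError on PHP 8, so a failed parse keeps the all-null defaults.
     $parsed = parse_url($uri);
     if (is_array($parsed)) {
         $elem = array_merge($elem, $parsed);
     }
     // strip the prefix from the path.
     // the conditions are ...
     // $elem['path'] == '/index.php/'
     // -- or --
     // $elem['path'] == '/index.php'
     // -- or --
     // $elem['path'] == '/index.php/*'
     //
     $path = $this->_config['path'];
     $len = strlen($path);
     $flag = $elem['path'] == $path
          || $elem['path'] == rtrim($path, '/')
          || substr($elem['path'], 0, $len) == $path;
     if ($flag) {
         $elem['path'] = substr($elem['path'], $len);
     }
     // retain parsed elements as properties
     $this->scheme = $elem['scheme'];
     $this->user = $elem['user'];
     $this->pass = $elem['pass'];
     $this->host = $elem['host'];
     $this->port = $elem['port'];
     $this->fragment = $elem['fragment'];
     // extended processing of parsed elements into properties
     $this->setPath($elem['path']);
     // will also set $this->format
     $this->setQuery($elem['query']);
     // if we had to force values, remove dummy placeholders
     if ($forced && !$this->_request->server('HTTP_HOST')) {
         $this->scheme = null;
         $this->host = null;
     }
     // finally, if we don't have a host, and there's a default,
     // use it
     if (!$this->host) {
         $this->host = $this->_config['host'];
     }
 }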
コード例 #4
ファイル: Session.php プロジェクト: agentile/foresmo
 /**
  * 
  * Lazy-start the session (i.e., only if a session cookie from the client
  * already exists).
  * 
  * @return void
  * 
  */
 public function lazyStart()
 {
     if ($this->isStarted()) {
         // Never start twice; just make sure the segment is loaded.
         $this->load();
     } elseif (self::$_request->cookie(session_name())) {
         // The client presented a cookie under the session name, so resume
         // that session. The cookie is client-supplied: its presence is
         // only a hint, and validating the id it carries is left to
         // start() and the session handler.
         $this->start();
     }
 }
コード例 #5
ファイル: Adapter.php プロジェクト: agentile/foresmo
 /**
  * 
  * Tells if the current page load appears to be the result of
  * an attempt to log out.
  * 
  * @return bool
  * 
  */
 public function isLogoutRequest()
 {
     // The configured source names the request accessor to call. It comes
     // from configuration, not from the request, which is what makes the
     // dynamic method call below acceptable.
     $source = strtolower($this->_config['source']);
     $submitted = $this->_request->{$source}($this->_config['source_process']);

     // A request flagged as cross-site is never treated as a logout.
     if ($this->_request->isCsrf()) {
         return false;
     }

     // NOTE(review): loose comparison -- if 'process_logout' were empty, a
     // request carrying no process value would also match; confirm the
     // configured value is always a non-empty string.
     return $submitted == $this->_config['process_logout'];
 }
コード例 #6
ファイル: Form.php プロジェクト: btweedy/foresmo
 /**
  * 
  * Post-construction tasks to complete object construction.
  * 
  * @return void
  * 
  */
 public function _postConstruct()
 {
     parent::_postConstruct();

     // resolve the request environment from the 'request' config key
     $this->_request = Solar::dependency(
         'Solar_Request',
         $this->_config['request']
     );

     // Default the form action to the current request URI. REQUEST_URI is
     // supplied by the client, so the value has to be escaped wherever the
     // action attribute is written into HTML.
     $this->_default_attribs['action'] = $this->_request->server('REQUEST_URI');

     // reset the form properties
     $this->reset();
 }
コード例 #7
ファイル: Page.php プロジェクト: kdambekalns/framework-benchs
 /**
  * 
  * Whether or not user requested a specific process within the action.
  * 
  * By default, looks for $process_key in [[Solar_Request::post()]] to get the
  * value of the process request.
  * 
  * Checks against "PROCESS_$type" locale string for matching.  For example,
  * $this->_isProcess('save') checks Solar_Request::post('process') 
  * against $this->locale('PROCESS_SAVE').
  * 
  * @param string $type The process type; for example, 'save', 'delete',
  * 'preview', etc.  If empty, returns true if *any* process type
  * was posted.
  * 
  * @param string $process_key If not empty, check against this
  * [[Solar_Request::post()]] key instead $this->_process_key. Default
  * null.
  * 
  * @return bool
  * 
  */
 protected function _isProcess($type = null, $process_key = null)
 {
     // Fall back to the controller's own process key when none is given.
     $post_key = empty($process_key) ? $this->_process_key : $process_key;

     if (empty($type)) {
         // No specific type requested: report whether *any* process value
         // was posted under that key.
         $posted = $this->_request->post($post_key);
         return !empty($posted);
     }

     // Look up the locale string that the posted value has to match.
     $expected = $this->locale('PROCESS_' . strtoupper($type));

     // The posted value must be non-empty as well as equal to the locale
     // string; matching alone is not enough because the locale string
     // itself might be empty.
     $submitted = $this->_request->post($post_key, false);
     if (!$submitted) {
         return false;
     }

     // This only identifies which button was pressed. The value is
     // client-supplied, so it is not an authorization or anti-forgery
     // check.
     return $submitted == $expected;
 }
コード例 #8
ファイル: Form.php プロジェクト: kalkin/solarphp
 /**
  * 
  * Post-construction tasks to complete object construction.
  * 
  * @return void
  * 
  */
 protected function _postConstruct()
 {
     parent::_postConstruct();

     // collaborators: request environment and filter come from config,
     // the csrf object is always created fresh by the factory
     $this->_request = Solar::dependency(
         'Solar_Request',
         $this->_config['request']
     );
     $this->_filter = Solar::dependency(
         'Solar_Filter',
         $this->_config['filter']
     );
     $this->_csrf = Solar::factory('Solar_Csrf');

     // Default the action attribute to the current request URI.
     // REQUEST_URI is supplied by the client, so the value has to be
     // escaped wherever the action attribute is written into HTML.
     $this->_default_attribs['action'] = $this->_request->server('REQUEST_URI');

     // reset everything
     $this->reset();
 }
コード例 #9
ファイル: Page.php プロジェクト: kalkin/solarphp
 /**
  * 
  * Indicates this is a cross-site request forgery attempt.
  * 
  * @return void
  * 
  */
 protected function _csrfAttempt()
 {
     // Record the error code first, then one "key: value" line per posted
     // field.
     $this->_errors[] = 'ERR_CSRF_ATTEMPT';

     // NOTE(review): the posted values are copied into the error list
     // unmodified. They are request data, so the error view must escape
     // them, and they may include fields such as passwords that should not
     // be shown or logged. A nested (array) value is rendered as "Array"
     // and raises an array-to-string conversion notice.
     foreach ((array) $this->_request->post() as $field => $value) {
         $this->_errors[] = $field . ': ' . $value;
     }

     // Respond with 403 Forbidden and hand over to the 'error' action.
     // The docblock says void, but the result of _forward() is returned.
     $this->_response->setStatusCode(403);
     return $this->_forward('error');
 }
コード例 #10
ファイル: Session.php プロジェクト: btweedy/foresmo
 /**
  * 
  * Post-construction tasks to complete object construction.
  * 
  * @return void
  * 
  */
 protected function _postConstruct()
 {
     parent::_postConstruct();

     // The handler and the request are shared statics; create each one
     // only if no earlier instance has done so.
     if (!self::$_handler) {
         self::$_handler = Solar::dependency(
             'Solar_Session_Handler',
             $this->_config['handler']
         );
     }
     if (!self::$_request) {
         self::$_request = Solar_Registry::get('request');
     }

     // Determine the storage segment. trim() plus a strict comparison
     // against '' keeps a segment literally named "0" usable.
     $segment = trim($this->_config['class']);
     $this->_class = ($segment === '') ? 'Solar' : $segment;

     // set the class
     $this->setClass($this->_class);

     // Lazy start: resume a session only when the client presented a cookie
     // under the session name. The cookie is client-supplied; validating
     // the id it carries is left to start() and the session handler.
     if (self::$_request->cookie(session_name())) {
         $this->start();
     }
 }
コード例 #11
ファイル: Akismet.php プロジェクト: agentile/foresmo
 /**
  * 
  * Prepares the comment, spam, or ham comment data **by reference** for
  * submission to Akismet.
  * 
  * The $data keys are:
  * 
  * `blog`
  * : The front page or home URL of the instance making the
  *   request. For a blog or wiki this would be the front page. Must be a 
  *   full URI, including 'http://'. Default is the config value for
  *   `blog`.
  * 
  * `user_ip`
  * : IP address of the comment submitter.  Default is the
  *   server REMOTE_ADDR value.
  * 
  * `user_agent`
  * : User agent information.  Default is the server 
  *   HTTP_USER_AGENT value.
  * 
  * `referrer` (note spelling)
  * : Default is the HTTP_REFERER value.
  * 
  * `permalink`
  * : The permanent location of the entry the comment was submitted to.
  * 
  * `comment_type`
  * : May be blank, 'comment', 'trackback', 'pingback', or any other value 
  *   (e.g., 'registration').  Default blank.
  * 
  * `comment_author`
  * : Submitted name with the comment.  Default blank. Leaving blank is 
  *   highly likely to result in a "spam" result.
  * 
  * `comment_author_email`
  * : Submitted email address
  * 
  * `comment_author_url`
  * : Commenter URL.
  * 
  * `comment_content`
  * : The content that was submitted.
  * 
  * @param array &$data The data to prepare **by reference**.
  * 
  * @return void
  * 
  */
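 protected function _prepareData(&$data)
 {
     // Defaults for every documented key; caller-supplied $data overrides
     // these.
     $base = array(
         'blog'                 => $this->_config['blog'],
         'user_ip'              => $this->_request->server('REMOTE_ADDR'),
         'user_agent'           => $this->_request->http('user_agent'),
         'referrer'             => $this->_request->http('referer'),
         'permalink'            => null,
         'comment_type'         => null,
         'comment_author'       => null,
         'comment_author_email' => null,
         'comment_author_url'   => null,
         'comment_content'      => null,
     );

     // The whole server array is sent along with the comment to a third
     // party. Drop the entries that carry the visitor's credentials before
     // it leaves this host: cookies (session ids) and HTTP authentication
     // data.
     // NOTE(review): other deployment-specific secrets exposed through the
     // server array (e.g. environment variables) are not filtered here.
     $server = (array) $this->_request->server();
     $sensitive = array(
         'HTTP_COOKIE',
         'HTTP_COOKIE2',
         'HTTP_AUTHORIZATION',
         'PHP_AUTH_USER',
         'PHP_AUTH_PW',
         'PHP_AUTH_DIGEST',
     );
     foreach ($sensitive as $name) {
         unset($server[$name]);
     }

     // merge the base info, data overrides, and the server info.
     // server values are merged last, so they win on any key collision.
     $data = array_merge($base, (array) $data, $server);
 }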
コード例 #12
ファイル: Form.php プロジェクト: btweedy/foresmo
 /**
  * 
  * Post-construction tasks to complete object construction.
  * 
  * @return void
  * 
  */
 protected function _postConstruct()
 {
     parent::_postConstruct();

     // collaborators resolved from configuration
     $this->_request = Solar::dependency(
         'Solar_Request',
         $this->_config['request']
     );
     $this->_filter = Solar::dependency(
         'Solar_Filter',
         $this->_config['filter']
     );

     // Default the action attribute to the current request URI.
     // REQUEST_URI is supplied by the client, so the value has to be
     // escaped wherever the action attribute is written into HTML.
     $this->_default_attribs['action'] = $this->_request->server('REQUEST_URI');

     // Merge the configured attributes with the defaults. The defaults are
     // the second argument, so on a key collision the default value
     // (including the action set above) replaces the configured one.
     $this->_default_attribs = array_merge(
         $this->_config['attribs'],
         $this->_default_attribs
     );

     // reset everything
     $this->reset();
 }